v1.13 Backports 2023-09-04 #27925
v1.13 Backports 2023-09-04 #27925
Conversation
[ upstream commit 03ac4b1 ] This refactoring moves the actual logic to extract the maximum sequence number into a dedicated function. That will be useful to allow us to test this logic in a following commit. This commit has no functionnal changes. As a reminder, we can't use netlink.XfrmStatesList here because it doesn't have the sequence numbers. We can't use JSON format because the ip xfrm commands don't support it. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 165db3a ] maxSequenceNumber currently iterates over all XFRM states in the ip xfrm state list output to find the largest sequence number. It however does so while keeping the parsed sequence numbers as hexadecimal strings. Hence, a number like "0xc1" is understood as being larger than e.g. "0x1234". This commit fixes it by parsing the sequence numbers into int64 before comparing them. We also need to adapt the regular expression slightly to avoid considering the "0x" prefix as part of the number, given strconv.ParseInt doesn't support it. Fixes: 2842c49 ("cli: add helper functions for `cilium encrypt`") Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 21d7d0a ] This commit simply adds two small unit tests for the extractMaxSequenceNumber function. The first test covers the bug fixed in the previous commit. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit b46867c ] The sorting function for DNSZombies was subtly broken, and didn't do what it advertised. Write some tests to confirm the suspicion and fix the function. Reported-by: Jussi Maki <joamaki@isovalent.com> Signed-off-by: David Bimmler <david.bimmler@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit ca5de0f ] A user pointed out that what we call "Labels-based" policies are actually matching the labels on Endpoints, but also explicitly *not* matching labels on Services. To make this more clear, change the name in the docs to Endpoints based policies. Co-authored-by: Nathan Sweet <nathanjsweet@users.noreply.github.com> Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 38b4a32 ] A user pointed out that the position of this callout made it seem like the callout only applies to the first example rather than applying to all Services based policies. Move the callout to the top of the section to make the relationship clearer. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 953e83e ] Currently, defining an `Ingress` without an `HTTPIngressRule` (e.g. only Host set) results in a panic in the Cilium Operator. Therefore, this commit changes the ingress ingestion to process the HTTP paths only if the HTTPIngressRule is set on the rule. Backporting conflicts: * minor conflict in operator/pkg/model/ingestion/ingress_test.go Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
jibi
added
kind/backports
jibi
requested review from
tklauser,
ti-mo,
pchaigno,
bimmlerd,
joestringer,
mhofstetter and
brb
|
/test-backport-1.13 |
|
cilium-agent is failing in ci-e2e:
It's because https://github.com/cilium/cilium/blob/v1.13/contrib/scripts/kind.sh#L37 doesn't have Another thing is that CLI is at v0.15.3 :-(, but that should not cause any problems. |
👍
should I tick renovate to bump v1.13 as well? |
Yes, please. |
jibi
force-pushed
the
pr/v1.13-backport-2023-09-04
branch
from
a76372a
to
0531bdf
Compare
synced offline, dropped #27738 while we understand how to sort the cilium CLI situation |
|
/test-backport-1.13 |
There was a problem hiding this comment.
My change looks good, thanks.
Fix propagation of namespace labels to CEP labels #27831 (@tklauser)
- skipped as v1.13 has not been switched to resource[T] for CEP
Will backport myself to v1.13 and v1.12. Not applicable, will remove corresponding backport labels.
[ upstream commit 7e64fb6 ] * Expose devices (to support multi-network tests). * Set cluster name. Required by older versions of Cilium CLI when doing upgrades. * Add misc option to set bpfClockProbe (#26955) and cni.uninstall (for upgrade tests it can result in pods being restarted). Backporting conflicts: * minor conflict in .github/actions/cilium-config/action.yml due to L7 config not being defined in main * removed mutual-auth setting as v1.13 doesn't support that Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 7fbfd5d ] The demo.proto download directory has been renamed from 'pb' to 'protos' by the commit [1]. Also, update the microservices-demo brance name to 'main'. [1] GoogleCloudPlatform/microservices-demo@76571f5 Signed-off-by: Haiyue Wang <haiyue.wang@intel.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 141ac8b ] Cosmetic changes. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit e4c4a5c ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit c667c54 ] Small optimization. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit bf25136 ] Currently, some workflows use a timeout of 10 minutes when waiting for images to be built and become available on quay. However, when there are lots of open PRs and thus image builds, this timeout is occasionally hit in CI. Thus, consistently bump the timeout to 30 minutes which is already used in some workflows. Backporting conflicts: * minor conflict in conformance-e2e, and tests-l4lb has been updated as well Signed-off-by: Tobias Klauser <tobias@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit c103882 ] This just makes it easier for editing. No changes. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit a568868 ] Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 0da3f7e ] Currently, the feature is not used, and its test is blocking the LVH upgrade [1][2]. Let's remove the test case. Once it is in use, we should rethink the testing approach (either implement as a BPF unit test, or an advanced CLI connectivity test). [1]: #27599 [2]: #27688 Backporting conflicts: * .github/actions/ginkgo/main-focus.yaml doesn't exist in v1.13 Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
@qmonnet there are a few conflicts and I see @julianwiedmann is already taking care of the v1.14 backport, so I'll let him handle also v1.13 (and drop #27798 for now) |
jibi
force-pushed
the
pr/v1.13-backport-2023-09-04
branch
from
0531bdf
to
9941790
Compare
|
/test-backport-1.13 Job 'Cilium-PR-K8s-1.24-kernel-4.19' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.24-kernel-4.19/143/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
|
/test-1.24-4.19 |
maintainer-s-little-helper
bot
added
the
ready-to-merge
PRs skipped due to conflicts:
Once this PR is merged, you can update the PR labels via:
or with